
I am using Amazon Linux and running Apache 2.4.39.
I have added “Header unset Server” along with “ServerToken Prod” and “ServerSignature Off”.

However, I still see “Server: Apache” in the headers.
Further, I tried setting the Server header to null using the line below:
Header set Server ""

This works and shows the null header; however, it works only for index.php.

I want this to work for all the pages supported by the website like .gif, admin.css etc.

Please suggest!

Thanks in advance!

2 Answers


  1. Try my suggested fix here:

    sudo apt-get install libapache2-mod-security2
    

    then add this to the end of /etc/apache2/apache.conf:

    <IfModule security2_module>
        SecRuleEngine on
        ServerTokens Min
        SecServerSignature " "
    </IfModule> 
    

    and restart Apache:

    sudo service apache2 restart
    
  2. Here is my contribution which appends to the file and all in one.

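    # Show the Server header before the change
    curl -skIL localhost
    sudo apt-get install -y libapache2-mod-security2
    # Append as root: with plain `cat >>` the redirection runs as the calling user, not under sudo
    sudo tee -a /etc/apache2/apache2.conf > /dev/null << 'EOL'
    <IfModule security2_module>
        SecRuleEngine on
        ServerTokens Min
        SecServerSignature " "
    </IfModule>
    EOL
    sudo service apache2 restart
    # Confirm the Server header is now blank
    curl -skIL localhost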
    

    Example:

    root@CoolServerName:/home/ubuntu# curl -skIL localhost
    HTTP/1.1 400 Bad Request
    Date: Wed, 09 Nov 2022 18:15:15 GMT
    Server: Apache
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    Content-Length: 362
    Connection: close
    Content-Type: text/html; charset=iso-8859-
    root@CoolServerName:/home/ubuntu# cat >> /etc/apache2/apache2.conf << 'EOL'
    <IfModule security2_module>
        SecRuleEngine on
        ServerTokens Min
        SecServerSignature " "
    </IfModule> 
    EOL
    root@CoolServerName:/home/ubuntu# sudo service apache2 restart
    root@CoolServerName:/home/ubuntu# curl -skIL localhost
    HTTP/1.1 400 Bad Request
    Date: Wed, 09 Nov 2022 18:16:45 GMT
    Server:  
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    Content-Length: 362
    Connection: close
    Content-Type: text/html; charset=iso-8859-1
    
    root@CoolServerName:/home/ubuntu#
    
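The question reports the header changing for index.php but not for static files, so a check against `localhost` alone can miss the gap. The script below is an added example, not part of either answer: it classifies the Server header of the final response for each path it is given. The function names and the sample header text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answers): report what the Server
# header reveals for several URLs, not just the front page.

# Read raw response headers on stdin (as printed by `curl -skIL`) and print:
#   absent            no Server header in the final response
#   blank             header present, value empty or whitespace
#   product-only:<v>  a product name without version details
#   leaks:<v>         value carries a version, OS or module string
server_header_status() {
    awk '
        BEGIN { status = "absent" }
        # curl -L prints one header block per hop; judge only the last one.
        $0 ~ "^HTTP/" { status = "absent"; next }
        {
            sub(/\r$/, "")                     # strip the CR of CRLF
            if (tolower($0) ~ /^server:/) {    # header names are case-insensitive
                val = $0
                sub(/^[^:]*:[ \t]*/, "", val)
                sub(/[ \t]+$/, "", val)
                if (val == "")                status = "blank"
                else if (val ~ "[/0-9(]")     status = "leaks:" val
                else                          status = "product-only:" val
            }
        }
        END { print status }
    '
}

# check_paths BASE PATH...  Non-zero exit if any path still names the server.
check_paths() {
    base=$1; shift
    rc=0
    for path in "$@"; do
        status=$(curl -skIL "$base$path" | server_header_status)
        printf '%-24s %s\n' "$path" "$status"
        case $status in leaks:*|product-only:*) rc=1 ;; esac
    done
    return $rc
}

# Constructed sample (offline): a redirect hop followed by the final response.
printf 'HTTP/1.1 301 Moved Permanently\r\nServer: Apache/2.4.39\r\n\r\nHTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n' |
    server_header_status
```

Against a live host, call `check_paths http://localhost /index.php /admin.css /logo.gif`, where the three paths are placeholders for one dynamic page and two static files of your own site.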